- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
CISCO IPS integration with envision 4.1 VM deployment
Dears;
I am using envision 4.1 virtual deployment in my environment, I need to integrate CISCO IPS 4270 V7.0 to envision, after going through the steps provided by the device configuration document; the device dose not appear, noting that the following error messages appeared:
subscription request failed
asynchronous error 12175 from winhttpsendrequest (https://w.x.y.z:443/cgi-bin/sdee-server/...)
so can any body tell me what I can do to complete the integration.
BR
Rami
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hi Rami,
Do you check the connectivity between RSA enVision machine and the Cisco IPS device over port 443?
Do you check the SSL certificate on the CISCO IPS device are valid?
Do you check the user and password used to access data from RSA enVision into CISCO IPS are correct?
Do you create the access list on CISCO IPS to authorize the access from RSA enVision into the CISCO IPS device?
Do you started the rdep-event-server in CISCO IPS device?
Do you put the Cisco Secure Ids.txt into the \default_NIC_directory\csd\config\sdees\templates\ directory?
Please Let me know the results.!
Delfin Abzueta.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hi Delfin;
thank you for your response, answers for your Qs are:
Do you check the connectivity between RSA enVision machine and the Cisco IPS device over port 443?
I tried to telnet the IPS on port 443; the connection was successful, I also installed firefox on the envision VM and tried to get the XML file from the IPS through its web server and it was successful after providing the user and pass, noting that the same test on IE8 (because we have win server 2008 R2 SP1 64bit) was failed.
Do you check the SSL certificate on the CISCO IPS device are valid?
I do not know how to test the certificate, but it is ok from firefox, also when I connected to the IPS by firefox I exported the certificate and installed it to certificate manager mmc.
Do you check the user and password used to access data from RSA enVision into CISCO IPS are correct?
yes
Do you create the access list on CISCO IPS to authorize the access from RSA enVision into the CISCO IPS device?
yes, and I accessed the IPS xml by firefox from envision it self.
Do you started the rdep-event-server in CISCO IPS device?
yes
Do you put the Cisco Secure Ids.txt into the \default_NIC_directory\csd\config\sdees\templates\ directory?
yes
Thank You
BR
Rami
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hi Rami,
There are some registry tweaks documented in the enVision 4.1 SP1 Release Notes. Download that document and search for SDEE. Changing those values should get you going. Let me know if that works for you or not.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hi Rami,
Do you look for errors on SDEE device conection in NIC System LOG??? You can get useful information there.!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Dear Delfin;
sorry for being late; But I cannot find the release notes for envision 4.1 SP1, the available one is for envision 4.1 only.
BR
Rami
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Rami,
4.1 SP1 release notes are available in SCOL (Secur Care Online). Did you check in SCOL ?
Regards
Biju Vasudevan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
******A Winhttpsendrequest error may be noted when the SDEE Collection Service is started****
Tracking Number: ENV-40884
Problem: When the SDEE collection service is started when an SDEE event source is added, Winhttpsendrequest
error messages may be generated. This may occur on both Windows 2003 and Windows 2008.
Workaround: On Windows 2003, you must:
Add the registry key UseScsvForTls under
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL and set the value to
1.
On Windows 2008, you must:
1. Add the registry key UseScsvForTls under
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL and set the
value to 1.
2. Modify the registry key FIPSAlgorithmPolicy value from 1 to 0 under
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Rami
This case is very interesting. Do you add the key values to Windows Registry? Did this work?
Thanks for sharing your experience.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
I am facing same problem even after applying the registry tweeks
I have the error
9 | 2013/01/30 11:35:12.551 EET |
| %NIC-3-603923: SDEE, SDEE, -, -, -, -, Detail: 4044: 1CF14A54C6374768832D61E40FA6C029: 192.168.250.231: Error: Asynchronous error 12002 from WinHttpSendRequest (https://192.168.250.231:443/cgi-bin/sdee-server?action=open&idsAlertSeverities=informational+low+med...) |
